my laptop hangs a LOT



drv1022
2009-09-12, 16:36
this is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:36 PM, on 9/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SoWar Browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2F7DBA] C:\Windows\system32\9260E5\2F7DBA.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9530 bytes

thank you in advance :D

Shaba
2009-09-14, 19:15
Hi drv1022

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

drv1022
2009-09-16, 11:17
hello Mr. Shaba, thanks for the reply..

i would just like to inform you that i'll only be able to reply and run fixes during the weekends.. i don't have internet access during weekends (i'm at an internet cafe right now).. is that okay? will my thread be deleted due to the long idle periods? thanks

Shaba
2009-09-16, 16:44
That is fine with me :)

drv1022
2009-09-18, 18:59
hello.. i'll be here until monday.. :) thanks again.

µTorrent
Acrobat.com
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
Assassin's Creed
avast! Antivirus
Batch DOCX to DOC Converter 2009
Canon MP Navigator EX 1.0
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Conexant HD Audio
Cooking Dash
DivX Converter
DivX Web Player
Epi6 Installer
ERUNT 1.1j
FLV Player 2.0, build 23
FoxyTunes for Firefox
GPL MPEG-1/2 DirectShow Decoder Filter
Half-Life
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Update
HP User Guide 0048
HP Wireless Assistant
iTunes
Java DB 10.4.2.1
Java(TM) 6 Update 16
Java(TM) SE Development Kit 6 Update 16
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 4.3.1 (Full)
LimeWire 5.2.13
Magic ISO Maker v5.5 (build 0261)
MagicDisc 2.7.105
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Works
Mozilla Firefox (3.5.3)
Mozilla Firefox (3.5b4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NetBeans IDE 6.7.1
Notepad++
NVIDIA Drivers
Presto! PageManager 7.15.16
QuickTime
Ranch Rush
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
ScanSoft OmniPage SE 4
Sonic Activation Module
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Text Twist 2 1.00
The Alim
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 0.9.8a
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger

Shaba
2009-09-18, 19:52
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
LimeWire 5.2.13


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.

drv1022
2009-09-18, 22:22
i don't know why uTorrent is still there, i'm no longer using that program.. it's no longer in my Program Files folder.. as for the limewire, i uninstalled it just now..

µTorrent
Acrobat.com
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
Assassin's Creed
avast! Antivirus
Batch DOCX to DOC Converter 2009
Canon MP Navigator EX 1.0
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Conexant HD Audio
Cooking Dash
DivX Converter
DivX Web Player
Epi6 Installer
ERUNT 1.1j
FLV Player 2.0, build 23
FoxyTunes for Firefox
GPL MPEG-1/2 DirectShow Decoder Filter
Half-Life
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Update
HP User Guide 0048
HP Wireless Assistant
iTunes
Java DB 10.4.2.1
Java(TM) 6 Update 16
Java(TM) SE Development Kit 6 Update 16
Java(TM) SE Runtime Environment 6
K-Lite Codec Pack 4.3.1 (Full)
Magic ISO Maker v5.5 (build 0261)
MagicDisc 2.7.105
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Works
Mozilla Firefox (3.5.3)
Mozilla Firefox (3.5b4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NetBeans IDE 6.7.1
Notepad++
NVIDIA Drivers
Presto! PageManager 7.15.16
QuickTime
Ranch Rush
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
ScanSoft OmniPage SE 4
Sonic Activation Module
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Text Twist 2 1.00
The Alim
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 0.9.8a
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger

Shaba
2009-09-19, 09:45
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

drv1022
2009-09-19, 11:44
log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by donstanley at 2009-09-19 17:26:55
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 82 GB (56%) free of 147 GB
Total RAM: 1021 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:52 PM, on 9/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\donstanley.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SoWar Browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2F7DBA] C:\Windows\system32\9260E5\2F7DBA.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9623 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000UA.job
C:\Windows\tasks\HPCeeScheduleFordonstanley.job
C:\Windows\tasks\SpeedOptimizer Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-02 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-07 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-19 317152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-19 472800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-14 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-14 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-14 81920]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-06 81000]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"WrtMon.exe"=C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]
"2F7DBA"=C:\Windows\system32\9260E5\2F7DBA.EXE [2009-03-24 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-02 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2008-11-05 4347120]
"Google Update"=C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe []

C:\Users\donstanley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739}"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe"="J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe:*:Enabled:ipsec"
"C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE"="C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE:*:Enabled:ipsec"
"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f06e3f9-f727-11dc-9a66-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349dc68b-8f17-11dd-8bb9-001a6b047314}]
shell\Auto\command - G:\keybd.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\keybd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beff0c6-73fe-11dd-b8e1-001a6b047314}]
shell\AutoRun\command - wscript.exe solution.vbs
shell\Open\command - wscript.exe solution.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab43a39-fc1d-11db-98b3-001636e76a30}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e05e648-e458-11db-9863-001a6b047314}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2ec337-ee66-11db-bf72-001636e76a30}]
shell\AutoRun\command - F:\EXPLORER.EXE
shell\explore\command - F:\EXPLORER.EXE
shell\open\command - F:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eea49f8-ff2d-11dc-8ba2-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9755d12a-07ee-11de-bcd0-001a6b047314}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63adf5c-455b-11dd-8a2c-001a6b047314}]
shell\0pen\command - krag.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc413d76-dd0c-11dc-aca9-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3de0613-bf8c-11dd-a7f5-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com


======List of files/folders created in the last 1 months======

2009-09-19 17:26:55 ----DC---- C:\rsit
2009-09-12 22:32:25 ----DC---- C:\Program Files\Trend Micro
2009-09-12 22:30:24 ----D---- C:\Windows\ERDNT
2009-09-12 22:29:49 ----DC---- C:\Program Files\ERUNT
2009-09-12 21:14:49 ----A---- C:\Windows\_MSRSTRT.EXE
2009-09-12 21:06:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-12 21:06:41 ----A---- C:\Windows\system32\mf.dll
2009-09-12 21:06:15 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-12 21:06:12 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\finger.exe
2009-09-12 21:06:12 ----A---- C:\Windows\system32\ARP.EXE
2009-09-12 21:06:11 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-12 21:06:11 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-12 21:06:10 ----A---- C:\Windows\system32\netevent.dll
2009-09-12 21:04:39 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-12 21:04:39 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-12 21:04:38 ----A---- C:\Windows\system32\wlansec.dll
2009-09-12 21:04:37 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-12 21:03:54 ----A---- C:\Windows\system32\jscript.dll
2009-09-06 07:07:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-06 07:07:28 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 17:03:13 ----DC---- C:\Program Files\NetBeans 6.7.1
2009-09-02 16:19:44 ----DC---- C:\Program Files\Sun
2009-09-02 16:19:25 ----A---- C:\Windows\system32\deploytk.dll
2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaws.exe
2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaw.exe
2009-09-02 16:19:23 ----A---- C:\Windows\system32\java.exe
2009-08-31 03:21:02 ----D---- C:\ProgramData\WindowsSearch
2009-08-31 03:02:18 ----A---- C:\Windows\system32\tzres.dll
2009-08-23 10:09:36 ----A---- C:\Windows\system32\infocardapi.dll
2009-08-23 10:09:33 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-23 10:09:29 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-08-23 10:09:29 ----A---- C:\Windows\system32\icardres.dll
2009-08-23 10:09:29 ----A---- C:\Windows\system32\icardagt.exe
2009-08-23 10:09:20 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-08-23 10:09:09 ----A---- C:\Windows\system32\PresentationHost.exe
2009-08-23 09:51:35 ----A---- C:\Windows\system32\dfshim.dll
2009-08-23 09:51:26 ----A---- C:\Windows\system32\mscoree.dll
2009-08-23 09:51:24 ----A---- C:\Windows\system32\netfxperf.dll
2009-08-23 09:50:48 ----A---- C:\Windows\system32\mscorier.dll
2009-08-23 09:50:33 ----A---- C:\Windows\system32\mscories.dll
2009-08-22 22:11:17 ----A---- C:\Windows\system32\mshtml.dll
2009-08-22 22:11:16 ----A---- C:\Windows\system32\occache.dll
2009-08-22 22:11:14 ----A---- C:\Windows\system32\ieframe.dll
2009-08-22 22:11:10 ----A---- C:\Windows\system32\urlmon.dll
2009-08-22 22:11:09 ----A---- C:\Windows\system32\wininet.dll
2009-08-22 22:11:08 ----A---- C:\Windows\system32\iertutil.dll
2009-08-22 22:11:07 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-22 22:11:06 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-22 22:11:04 ----A---- C:\Windows\system32\ieaksie.dll
2009-08-22 22:11:03 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-22 22:11:02 ----A---- C:\Windows\system32\ieencode.dll
2009-08-22 22:11:01 ----A---- C:\Windows\system32\mstime.dll
2009-08-22 22:10:58 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-22 22:03:41 ----A---- C:\Windows\system32\wmp.dll
2009-08-22 22:03:40 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-22 22:03:33 ----A---- C:\Windows\system32\spwmp.dll
2009-08-22 22:03:27 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-22 22:03:25 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-22 22:02:37 ----A---- C:\Windows\system32\atl.dll
2009-08-22 22:02:32 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-22 22:02:24 ----A---- C:\Windows\system32\mstscax.dll
2009-08-22 22:02:15 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2009-09-19 17:27:52 ----D---- C:\Windows\Temp
2009-09-19 17:27:15 ----D---- C:\Windows\Prefetch
2009-09-19 07:45:35 ----SHD---- C:\Windows\Installer
2009-09-19 04:19:14 ----RDC---- C:\Program Files
2009-09-19 00:52:06 ----D---- C:\Windows\inf
2009-09-18 18:05:43 ----D---- C:\Windows\system32\catroot
2009-09-18 18:05:42 ----D---- C:\Windows\system32\catroot2
2009-09-18 18:04:28 ----D---- C:\Windows\winsxs
2009-09-13 21:38:03 ----D---- C:\Windows\System32
2009-09-13 21:38:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-13 06:49:24 ----D---- C:\Windows\rescache
2009-09-13 06:27:11 ----D---- C:\Windows\system32\en-US
2009-09-13 06:27:07 ----D---- C:\Windows\system32\drivers
2009-09-13 03:05:22 ----D---- C:\Program Files\Windows Mail
2009-09-13 03:03:56 ----D---- C:\Windows\ehome
2009-09-13 03:01:38 ----SHD---- C:\System Volume Information
2009-09-12 22:50:01 ----DC---- C:\Program Files\Mozilla Firefox
2009-09-12 22:30:24 ----D---- C:\Windows
2009-09-12 22:02:37 ----D---- C:\Users\donstanley\AppData\Roaming\uTorrent
2009-09-12 21:48:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-12 21:35:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-12 21:24:31 ----D---- C:\Program Files\iPod
2009-09-12 21:21:15 ----D---- C:\Program Files\iTunes
2009-09-12 21:19:47 ----HD---- C:\ProgramData
2009-09-12 21:19:46 ----HD---- C:\Windows\system32\GroupPolicy
2009-09-12 21:14:35 ----AD---- C:\ProgramData\TEMP
2009-09-10 22:18:58 ----D---- C:\Users\donstanley\AppData\Roaming\dvdcss
2009-09-07 03:10:28 ----D---- C:\Windows\AppPatch
2009-09-06 03:12:03 ----D---- C:\Windows\Microsoft.NET
2009-09-04 16:54:17 ----D---- C:\Windows\system32\WDI
2009-09-02 16:18:22 ----D---- C:\Program Files\Java
2009-08-31 19:31:50 ----HD---- C:\Windows\system32\9260E5
2009-08-31 14:38:25 ----DC---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2009-08-29 05:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-24 20:22:31 ----D---- C:\Users\donstanley\AppData\Roaming\LimeWire
2009-08-23 11:44:32 ----RSD---- C:\Windows\assembly
2009-08-23 11:26:16 ----D---- C:\Program Files\Internet Explorer
2009-08-23 11:26:11 ----D---- C:\Program Files\Windows Media Player
2009-08-23 11:25:59 ----D---- C:\Windows\system32\XPSViewer
2009-08-23 11:25:59 ----D---- C:\Windows\system32\wbem
2009-08-23 11:13:37 ----D---- C:\SwSetup
2009-08-23 11:11:14 ----DC---- C:\Program Files\DOSBox-0.70
2009-08-22 18:34:38 ----D---- C:\Windows\Tasks
2009-08-22 18:34:38 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-06 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-06 51376]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-05-30 96520]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-05-30 26184]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-29 8192]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-06 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-06 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-07 218752]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-29 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 4452288]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 AvgWfpX;AVG8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-05-30 68104]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\#Gravity\RagnarokOnline\npkcrypt.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 scrcap;scrcap; C:\Windows\system32\DRIVERS\scrcap.sys []
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Anyplace Control Security;Anyplace Control Security; C:\Windows\svcadmin.exe [2008-03-07 45568]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-06 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-06 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-25 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-25 118877]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-06 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-06 352920]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 143360]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe []
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.06 2009-09-19 17:28:02

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Batch DOCX to DOC Converter 2009-->"C:\Users\donstanley\AppData\Local\Batchwork\Doc-2-Doc\unins000.exe"
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
Cooking Dash-->"C:\Windows\Cooking Dash\uninstall.exe" "/U:C:\Program Files\Cooking Dash\Uninstall\uninstall.xml"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Epi6 Installer-->c:\epi6\Uninstal.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
Half-Life-->C:\Windows\IsUninst.exe -fC:\SIERRA\Half-Life\Uninst.isu -c"C:\SIERRA\Half-Life\HLUNINST.DLL"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Pavilion Webcam Driver for Vista v061.001.00005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 0048-->MsiExec.exe /I{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}
HP Wireless Assistant-->MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
iTunes-->MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) SE Development Kit 6 Update 16-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160160}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.5b4)-->C:\Program Files\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetBeans IDE 6.7.1-->"C:\Program Files\NetBeans 6.7.1\uninstall.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Presto! PageManager 7.15.16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Ranch Rush-->"C:\Windows\Ranch Rush\uninstall.exe" "/U:C:\Program Files\Ranch Rush\Uninstall\uninstall.xml"
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
ScanSoft OmniPage SE 4-->MsiExec.exe /X{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Text Twist 2 1.00-->C:\Program Files\Games\Text Twist 2\Uninstall.exe
The Alim-->C:\Windows\uninst.exe -f"C:\Program Files\ISL Software Corporation\The Alim\DeIsL1.isu" -c"C:\Program Files\ISL Software Corporation\The Alim\_ISREG32.DLL"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG 7.5.524 (disabled)
AV: avast! antivirus 4.8.1229 [VPS 090330-0]
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 090330-0]

======System event log======

Computer Name: dnstnly
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 386958
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090918164657.768800-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: dnstnly
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 386977
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090918164915.920265-000
Event Type: Error
User:

Computer Name: dnstnly
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 387010
Source Name: Service Control Manager
Time Written: 20090918164924.000000-000
Event Type: Error
User:

Computer Name: dnstnly
Event Code: 7000
Message: The AVG8 WatchDog service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 387013
Source Name: Service Control Manager
Time Written: 20090918164924.000000-000
Event Type: Error
User:

Computer Name: dnstnly
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 387109
Source Name: Tcpip
Time Written: 20090919070904.838000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: dnstnly
Event Code: 1004
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OsaNonBoot', component '{12240CB1-7447-46B9-BB0D-0FF01666C66F}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\OSA.EXE' does not exist.
Record Number: 70430
Source Name: MsiInstaller
Time Written: 20090913151837.000000-000
Event Type: Warning
User: dnstnly\donstanley

Computer Name: dnstnly
Event Code: 1001
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OsaNonBoot' failed during request for component '{12240CB1-7447-46B9-BB0D-0FF01666C66F}'
Record Number: 70431
Source Name: MsiInstaller
Time Written: 20090913151837.000000-000
Event Type: Warning
User: dnstnly\donstanley

Computer Name: dnstnly
Event Code: 10005
Message: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.
Record Number: 70433
Source Name: MsiInstaller
Time Written: 20090913151907.000000-000
Event Type: Error
User: dnstnly\donstanley

Computer Name: dnstnly
Event Code: 1004
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles', component '{A2B280D4-20FB-4720-99F7-40C09FBCE10A}' failed. The resource 'C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE' does not exist.
Record Number: 70698
Source Name: MsiInstaller
Time Written: 20090918234526.000000-000
Event Type: Warning
User: dnstnly\donstanley

Computer Name: dnstnly
Event Code: 1001
Message: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'EXCELFiles' failed during request for component '{A2B280D4-20FB-4720-99F7-40C09FBCE10A}'
Record Number: 70699
Source Name: MsiInstaller
Time Written: 20090918234526.000000-000
Event Type: Warning
User: dnstnly\donstanley

=====Security event log=====

Computer Name: dnstnly
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 92966
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092747.513400-000
Event Type: Audit Failure
User:

Computer Name: dnstnly
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xf2ad34
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: ECBF7C1BA4B545C
Source Network Address: 192.168.0.102
Source Port: 1101

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 92967
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092921.530400-000
Event Type: Audit Success
User:

Computer Name: dnstnly
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xf2ad34

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 92968
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092921.535400-000
Event Type: Audit Success
User:

Computer Name: dnstnly
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xf2ada2
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: ECBF7C1BA4B545C
Source Network Address: 192.168.0.102
Source Port: 1102

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 92969
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092921.543400-000
Event Type: Audit Success
User:

Computer Name: dnstnly
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0xf2ada2

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 92970
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090919092921.548400-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2009-09-19, 17:58
We will continue with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
  Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

drv1022
2009-09-19, 18:38
this error came up when i ran combofix:
http://i108.photobucket.com/albums/n39/napipikonnako/ss1.png

Shaba
2009-09-19, 18:49
Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

drv1022
2009-09-20, 04:31
i think the program got stuck at this:

http://i108.photobucket.com/albums/n39/napipikonnako/ss2.png

drv1022
2009-09-20, 04:32
the image did not show in my earlier post..

http://i253.photobucket.com/albums/hh64/diannevalenzuela/ss2.png

Shaba
2009-09-20, 11:01
Then please try to run it again in safe mode.

drv1022
2009-09-20, 19:48
hello.. i started the laptop on safe mode.. and ran the combofix.. it presented a warning message that i still have my antivirus(avast) on.. before running the combofix i thought that the antivirus was already disabled because i don't see it among the system tray icons.. then i ran avast from the desktop, i tried exploring but i still don't know how to disable it from there.. so i cancelled combofix... sorry O_O

Shaba
2009-09-20, 20:46
Then it might be better that you uninstall avast! and then rerun combofix.

You can reinstall it after the combofix run :)

drv1022
2009-09-21, 04:11
hello, i don't know how to uninstall the avast antivirus because there's no uninstall.exe in its folder.. so i searched on how to uninstall it and came upon this: http://www.avast.com/eng/avast-uninstall-utility.html

so i did that to uninstall avast and i ran combofix on safe mode..

i left the laptop around less than 5 minutes and when i came back, it was already shut down so i didn't see what happened. did something wrong happen?

Shaba
2009-09-21, 06:13
No, I don't think so.

Please start computer again and let me know if you can find C:\ComboFix.txt.

drv1022
2009-09-21, 08:04
i can't find C:\ComboFix.txt but i found this: C:\ComboFix\ComboFix.txt:

ComboFix 09-09-18.02 - donstanley 09/21/2009 10:01:22.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.63.1033.18.1021.668 [GMT 8:00]
Running from: C:\Users\donstanley\Desktop\ComboFix.exe
AV: AVG 7.5.524 *On-access scanning disabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
/wow section not completed

is that the one?

Shaba
2009-09-21, 16:43
Yes it is.

Looks like it didn't finish.

Please try to run it again in safe mode.

drv1022
2009-09-26, 20:19
this time, an error occurred:
http://i253.photobucket.com/albums/hh64/diannevalenzuela/ss3.png

do i just continue?

Shaba
2009-09-26, 21:24
Combofix has expired.

Please download a fresh copy and rerun that in safe mode.

drv1022
2009-09-27, 19:38
hi, i downloaded a new ComboFix.exe and ran it on safe mode..

i think this error message(not sure if it's normal) came up when i ran it:
http://i253.photobucket.com/albums/hh64/diannevalenzuela/ss4.png

but it continued to run for a while.. i saw stuff that looks something like this:

completed 1
completed 2
completed 3

and so on.. i thought that it's perfectly fine so i left the laptop and was watching it from afar...

then all of a sudden my laptop suddenly shut down..

again, no C:\ComboFix.txt seen

but i saw this: C:\ComboFix\ComboFix.txt

ComboFix 09-09-25.01 - donstanley 09/28/2009 1:22:22.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.63.1033.18.1021.639 [GMT 8:00]
Running from: C:\Users\donstanley\Desktop\ComboFix.exe
AV: AVG 7.5.524 *On-access scanning disabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section not completed

ADDED INFO ABOUT MY PROBLEM:

i think lots of system files are already missing/corrupted from my laptop.. reason why i think this: some applications like microsoft excel cannot be run anymore... when i run them, an installer comes up and it gets an error because it says that some files are missing.. is this stuff significant?

drv1022
2009-09-27, 19:46
another thing, to type "C"... i have to press capslock + "c"... shift+c.. doesn't work.. when i type shift + "c", nothing appears.. not "C" nor "c".. is that also malware-related? XD thanks

Shaba
2009-09-27, 19:54
Please right-click combofix and choose run as administrator. Let me know if it helped :)

drv1022
2009-09-27, 21:03
hello, it only completed up to stage 6 then the laptop shut down again..

i had trouble turning it on: when i press the power button, the light would turn on then off again.. it wouldn't start-up.. it worked when i tried to remove the battery and put it back again..

Shaba
2009-09-27, 21:16
So then we don't use combofix.

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
  - Make sure the "Perform Full Scan" option is selected.
  - Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Rerun rsit.

Post:

- mbam log
- a fresh rsit log

drv1022
2009-09-28, 09:51
mbam log:

Malwarebytes' Anti-Malware 1.41
Database version: 2866
Windows 6.0.6001 Service Pack 1

9/28/2009 3:37:14 PM
mbam-log-2009-09-28 (15-37-12).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 277589
Time elapsed: 4 hour(s), 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f53bafe5-ce7a-4e95-95ac-a3912efd3739} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (SoWar Browser) Good: (Internet Explorer) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\9260E5\com.run (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\9260E5\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.

rsit log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by donstanley at 2009-09-28 15:48:20
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 95 GB (65%) free of 147 GB
Total RAM: 1021 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:05 PM, on 9/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\donstanley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\donstanley\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\donstanley.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ph.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2F7DBA] C:\Windows\system32\9260E5\2F7DBA.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3457A9A7-EAA7-41C8-A025-EC83AE5F366A}: NameServer = 192.168.9.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\Windows\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10224 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-548308923-606228464-1430335500-1000UA.job
C:\Windows\tasks\HPCeeScheduleFordonstanley.job
C:\Windows\tasks\SpeedOptimizer Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-02 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-07 159744]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-19 317152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-19 472800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-01-14 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-01-14 7766016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-01-14 81920]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"WrtMon.exe"=C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-06-01 257088]
"2F7DBA"=C:\Windows\system32\9260E5\2F7DBA.EXE [2009-03-24 114688]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-02 149280]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2008-11-05 4347120]
"Google Update"=C:\Users\donstanley\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe []

C:\Users\donstanley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=1
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe"="J:\ow\MAAYOS\Acads\(2-2)\Bio102 Lab\Activity 2 - Embryology\embryology from bio22\vlc-0.9.8a-win32.exe:*:Enabled:ipsec"
"C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE"="C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE:*:Enabled:ipsec"
"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tsdjnq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfvdyxj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winedohxt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\bjtqqb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\lhrlh.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\mpjd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjictdk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmwjygl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fjrcgt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\acbaww.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winujkg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\yntcy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsteglg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winspfoqg.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\plgb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ahhj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwbcvjy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pnuuj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\isjl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsrys.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlbxi.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\punq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsqmp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbrpai.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winoexk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winstlbvv.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winrfglwx.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ouses.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hwvcjk.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\leqvve.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjbktru.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\aknt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winklxur.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\fltgmy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\uegaas.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winwobvbd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xnjslc.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pxvkgb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\tjpyht.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winlitj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqiaw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintqrpm.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winsnjm.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ifwak.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nahd.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\ghhpuq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\onvdl.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wintsitxo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wincdknmt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\windlah.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nkjp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\pgjcka.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rdvo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winpjnpt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winqmla.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\xomltq.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kuotx.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\rxhuyt.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\jjhi.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbgklia.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingrrum.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\thkbfw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winfteatn.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winmvwos.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\nwxc.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\wingnbn.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winviswgo.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\eopw.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winjvqtmb.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\gfot.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winirnp.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hhps.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\winbtqgy.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\hkhj.exe:*:Enabled:ipsec"
"C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe"="C:\Users\DONSTA~1\AppData\Local\Temp\kcdht.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f06e3f9-f727-11dc-9a66-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349dc68b-8f17-11dd-8bb9-001a6b047314}]
shell\Auto\command - G:\keybd.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\keybd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beff0c6-73fe-11dd-b8e1-001a6b047314}]
shell\AutoRun\command - wscript.exe solution.vbs
shell\Open\command - wscript.exe solution.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab43a39-fc1d-11db-98b3-001636e76a30}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e05e648-e458-11db-9863-001a6b047314}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d2ec337-ee66-11db-bf72-001636e76a30}]
shell\AutoRun\command - F:\EXPLORER.EXE
shell\explore\command - F:\EXPLORER.EXE
shell\open\command - F:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eea49f8-ff2d-11dc-8ba2-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9755d12a-07ee-11de-bcd0-001a6b047314}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63adf5c-455b-11dd-8a2c-001a6b047314}]
shell\0pen\command - krag.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc413d76-dd0c-11dc-aca9-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3de0613-bf8c-11dd-a7f5-001a6b047314}]
shell\AutoRun\command - oalvm.com
shell\explore\command - oalvm.com
shell\open\command - oalvm.com


======List of files/folders created in the last 1 months======

2009-09-28 10:37:56 ----D---- C:\Users\donstanley\AppData\Roaming\Malwarebytes
2009-09-28 10:37:11 ----D---- C:\ProgramData\Malwarebytes
2009-09-28 10:37:10 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-28 02:55:10 ----SDC---- C:\ComboFix
2009-09-28 02:55:10 ----A---- C:\Windows\system32\CF29267.exe
2009-09-28 01:21:29 ----A---- C:\Windows\zip.exe
2009-09-28 01:21:29 ----A---- C:\Windows\SWXCACLS.exe
2009-09-28 01:21:29 ----A---- C:\Windows\SWSC.exe
2009-09-28 01:21:29 ----A---- C:\Windows\SWREG.exe
2009-09-28 01:21:29 ----A---- C:\Windows\sed.exe
2009-09-28 01:21:29 ----A---- C:\Windows\PEV.exe
2009-09-28 01:21:29 ----A---- C:\Windows\NIRCMD.exe
2009-09-28 01:21:29 ----A---- C:\Windows\grep.exe
2009-09-28 01:21:27 ----A---- C:\Windows\system32\swsc.exe
2009-09-28 01:21:27 ----A---- C:\Windows\system32\CF4945.exe
2009-09-28 01:11:15 ----SHDC---- C:\Config.Msi
2009-09-28 00:21:21 ----DC---- C:\Program Files\Microsoft Visual Studio 8
2009-09-27 12:24:14 ----D---- C:\ProgramData\Microsoft Help
2009-09-27 11:18:41 ----D---- C:\Users\donstanley\AppData\Roaming\GetRightToGo
2009-09-21 10:00:21 ----A---- C:\Windows\system32\CF18994.exe
2009-09-21 01:35:15 ----A---- C:\Windows\system32\CF13436.exe
2009-09-20 00:31:01 ----DC---- C:\Qoobox
2009-09-19 17:26:55 ----DC---- C:\rsit
2009-09-12 22:32:25 ----DC---- C:\Program Files\Trend Micro
2009-09-12 22:30:24 ----D---- C:\Windows\ERDNT
2009-09-12 22:29:49 ----DC---- C:\Program Files\ERUNT
2009-09-12 21:14:49 ----A---- C:\Windows\_MSRSTRT.EXE
2009-09-12 21:06:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-12 21:06:41 ----A---- C:\Windows\system32\mf.dll
2009-09-12 21:06:15 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-12 21:06:12 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-12 21:06:12 ----A---- C:\Windows\system32\finger.exe
2009-09-12 21:06:12 ----A---- C:\Windows\system32\ARP.EXE
2009-09-12 21:06:11 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-12 21:06:11 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-12 21:06:10 ----A---- C:\Windows\system32\netevent.dll
2009-09-12 21:04:39 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-12 21:04:39 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-12 21:04:38 ----A---- C:\Windows\system32\wlansec.dll
2009-09-12 21:04:37 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-12 21:03:54 ----A---- C:\Windows\system32\jscript.dll
2009-09-06 07:07:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-06 07:07:28 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-02 17:03:13 ----DC---- C:\Program Files\NetBeans 6.7.1
2009-09-02 16:19:44 ----DC---- C:\Program Files\Sun
2009-09-02 16:19:25 ----A---- C:\Windows\system32\deploytk.dll
2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaws.exe
2009-09-02 16:19:24 ----A---- C:\Windows\system32\javaw.exe
2009-09-02 16:19:23 ----A---- C:\Windows\system32\java.exe
2009-08-31 03:21:02 ----D---- C:\ProgramData\WindowsSearch
2009-08-31 03:02:18 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 months======

2009-09-28 15:49:05 ----D---- C:\Windows\Temp
2009-09-28 15:46:53 ----D---- C:\Windows\System32
2009-09-28 15:46:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-28 15:46:52 ----D---- C:\Windows\inf
2009-09-28 15:37:11 ----HD---- C:\Windows\system32\9260E5
2009-09-28 10:37:16 ----D---- C:\Windows\system32\drivers
2009-09-28 10:37:11 ----HD---- C:\ProgramData
2009-09-28 10:37:10 ----RDC---- C:\Program Files
2009-09-28 02:55:49 ----A---- C:\Windows\ntbtlog.txt
2009-09-28 02:55:09 ----D---- C:\Windows\system32\en-US
2009-09-28 01:21:29 ----D---- C:\Windows
2009-09-28 01:11:32 ----SHD---- C:\Windows\Installer
2009-09-28 01:11:27 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-28 01:10:34 ----D---- C:\Windows\ShellNew
2009-09-28 01:10:22 ----A---- C:\Windows\win.ini
2009-09-28 01:10:16 ----D---- C:\Program Files\Common Files\System
2009-09-28 01:00:35 ----RSD---- C:\Windows\assembly
2009-09-28 00:55:28 ----D---- C:\Program Files\MSBuild
2009-09-28 00:50:26 ----D---- C:\Program Files\Microsoft Office
2009-09-28 00:49:38 ----RSD---- C:\Windows\Fonts
2009-09-28 00:48:20 ----SD---- C:\ProgramData\Microsoft
2009-09-28 00:44:16 ----D---- C:\Program Files\Common Files
2009-09-28 00:42:46 ----D---- C:\Windows\Help
2009-09-28 00:16:01 ----SHD---- C:\System Volume Information
2009-09-27 13:01:41 ----SD---- C:\Users\donstanley\AppData\Roaming\Microsoft
2009-09-27 12:37:31 ----D---- C:\Windows\winsxs
2009-09-27 12:33:36 ----D---- C:\Program Files\Microsoft Works
2009-09-27 02:11:14 ----DC---- C:\Program Files\Mozilla Firefox
2009-09-27 01:53:07 ----SD---- C:\Windows\Downloaded Program Files
2009-09-26 09:23:15 ----D---- C:\Windows\system32\catroot2
2009-09-21 09:50:48 ----DC---- C:\Program Files\Alwil Software
2009-09-20 22:51:17 ----D---- C:\Windows\Prefetch
2009-09-18 18:05:43 ----D---- C:\Windows\system32\catroot
2009-09-13 06:49:24 ----D---- C:\Windows\rescache
2009-09-13 03:05:22 ----D---- C:\Program Files\Windows Mail
2009-09-13 03:03:56 ----D---- C:\Windows\ehome
2009-09-12 22:02:37 ----D---- C:\Users\donstanley\AppData\Roaming\uTorrent
2009-09-12 21:48:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-12 21:35:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-12 21:24:31 ----D---- C:\Program Files\iPod
2009-09-12 21:21:15 ----D---- C:\Program Files\iTunes
2009-09-12 21:19:46 ----HD---- C:\Windows\system32\GroupPolicy
2009-09-12 21:14:35 ----AD---- C:\ProgramData\TEMP
2009-09-10 22:18:58 ----D---- C:\Users\donstanley\AppData\Roaming\dvdcss
2009-09-07 03:10:28 ----D---- C:\Windows\AppPatch
2009-09-06 03:12:03 ----D---- C:\Windows\Microsoft.NET
2009-09-04 16:54:17 ----D---- C:\Windows\system32\WDI
2009-09-02 16:18:22 ----D---- C:\Program Files\Java
2009-08-31 14:38:25 ----DC---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2009-08-29 05:38:20 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-05-30 96520]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-05-30 26184]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-29 8192]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-16 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-16 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-02-07 218752]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-29 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-01-14 4452288]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 AvgWfpX;AVG8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-05-30 68104]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 catchme;catchme; \??\C:\Users\DONSTA~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\#Gravity\RagnarokOnline\npkcrypt.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 scrcap;scrcap; C:\Windows\system32\DRIVERS\scrcap.sys []
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Anyplace Control Security;Anyplace Control Security; C:\Windows\svcadmin.exe [2008-03-07 45568]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2006-11-25 270431]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2006-11-25 118877]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-06-01 501312]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 143360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe []
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

Shaba
2009-09-28, 12:49
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

Shaba
2009-10-11, 15:04
Due to the lack of feedback, this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.